VirusTotal detects trojan in 1.9.0.24 via Google and 5 other vendors
Closed this issue · 3 comments
This is probably a false positive due to UPX compression, but here is the report. Eyebrow raises on flagging by Google.
Previous release had only one detection.
Is it possible to make no-UPX releases?
Sure, I'll make a second no-UPX release, no problem.
https://www.virustotal.com/ reports false positives on both released versions, but let me assure you: there is no malicious code in debugview++.
The false positives occur because of the kind of operations that the tool does, such as accessing debug messages and reading output from other processes. These reports will continue to happen if you do not pay Microsoft for signing your binaries (which I will not be doing ;)
It still detects one thing on the non-upx version:
debugviewpp-1.9.0.24-win64.zip
and more on the UPX (self extracting executable) version:
debugviewpp-1.9.0.24-win64-upx.zip
631 KB
https://www.virustotal.com/gui/file/29868dfa051000848e4c409707e373997c649009d3f677dafa2236f9fb89759f
But there is nothing I can do about it, I think. debugview does 'tricks' to read debug information from other applications; well yeah, that is what it is for ;)
Also, UPX does in-memory binary extraction; again, yes, that is what it is supposed to do.